System and method for digitally watermarking digital facial portraits

ABSTRACT

Some implementations may include a method for watermarking an identification document, the method including: modulating a spatial luminance pattern associated with a first digital watermark to encode a first portion of personally identifiable information; modulating a spatial chrominance distribution associated with a second digital watermark to encode a second portion of the personally identifiable information; and applying the first digital watermark and the second digital watermark to the identification document.

CROSS-REFERENCE TO RELATED APPLICATION

This application is a continuation of U.S. patent application Ser. No.14/469,826 filed Aug. 27, 2014, which claims priority to U.S.Provisional Application No. 61/871,011, filed Aug. 28, 2013, and titled“System and Method for Digitally Watermarking Digital Facial Portraits,”which is incorporated by reference.

TECHNICAL FIELD

This document generally relates to digital watermarking.

BACKGROUND

Digital watermarking may be used on identification documents as asecurity feature to prevent fraud.

SUMMARY

In one aspect, some implementations provide a method for watermarking adigital facial portrait, the method including: receiving a digitalfacial portrait of a subject; applying at least one digital watermark tothe digital facial portrait, the at least one digital watermark encodingpayload data linked to the subject; and generating the digitallywatermarked digital facial portrait as a machine-readable code foridentifying the subject.

Implementations may include one or more of the following features. Themethod may further include receiving a request to renew the digitallywatermarked digital facial portrait; and issuing a renewed digitallywatermarked digital facial portrait after verifying the renewal request,the at least one digital watermark encoding the payload data linked tothe subject. The method may further include updating the payload databefore issuing the renewed digitally watermarked digital facialportrait.

The method may further include receiving a request for replacing thedigitally watermarked digital facial portrait and an updated digitalfacial portrait of the subject; in response to determining that therequest is genuine, applying the at least one digital watermark to theupdated digital facial portrait to encode payload data linked to thesubject; and issuing the replacement digitally watermarked digitalfacial portrait. The method may further include updating the payloaddata before issuing the replacement digitally watermarked digital facialportrait. The method may further include issuing the digitallywatermarked digital facial portrait to a mobile computing deviceregistered under the subject's name.

The method may further include securing the digitally watermarkeddigital facial portrait to prevent an alteration thereof. Securing mayinclude generating a quantitative index based on the digital facialportrait. Generating the quantitative index may include generating adigital certificate of at least a portion of the digital facialportrait. Generating the quantitative index may include generating anencryption of at least a portion of the digital facial portrait using aprivate key of an issuing entity. Generating the quantitative index mayinclude generating a hash of at least a portion of the digitallywatermarked digital facial portrait, a digest of at least a portion ofthe digital facial portrait. Generating the quantitative index mayinclude generating a checksum of at least a portion of digital facialportrait. Generating the quantitative index may include generating aversion control number to indicate a current version number.

The method may further include suspending or revoking the digitallywatermarked digital facial portrait in response to a validated requestfor suspension or revocation. The suspending or revoking the digitalidentification document may include removing the digitally watermarkeddigital facial portrait from a mobile computing device of the subject.The suspending or revoking the digital identification document mayinclude issuing a suspended or revoked digitally watermarked digitalfacial portrait to over-write the previously issued digitallywatermarked digital facial portrait on the mobile computing device ofthe subject.

In another aspect, some implementations provide a computer-implementedmethod for authenticating a person, the method including: receiving adigitally watermarked digital facial portrait of the person, the digitalfacial portrait having at least one digital watermark identifyingpayload data linking the digital facial portrait to the person portrayedin the digital facial portrait; receiving results of comparison betweenthe digital facial portrait of the person and the person presenting thedigitally watermarked digital facial portrait; retrieving the at leastone digital watermark; and authenticating the digital facial portraitbased on the at least one digital watermark.

Implementations may include one or more of the following features.Receiving a digitally watermarked digital facial portrait of the personmay include: receiving the digitally watermarked digital facial portraitat a reading device configured to scan the digital facial portrait andretrieve the payload data from the at least one digital watermark. Themethod may further include: retrieving payload data from the digitalwatermark; and verifying that the digital facial portrait is authenticbased on the retrieved payload data. Verifying that the digital facialportrait is authentic may include retrieving security check informationfrom retrieved payload data; and receiving results of verification thatthe retrieved security check information is valid. Receiving a digitallywatermarked digital facial portrait of the person may include receivingthe digital facial portrait having more than one digital watermarks,each identifying respective payload data, and authenticating the digitalfacial portrait may include validating the more than one digitalwatermarks by cross-correlating the respective payload data.

In yet another aspect, some implementations provide a computer systemfor generating a digitally watermarked digital facial portrait, thesystem comprising at least one computer processor configured to performthe operations of: receiving a digital facial portrait of a subject;applying at least one digital watermark to the digital facial portrait,the at least one digital watermark encoding payload data linking thesubject; and generating the digitally watermarked digital facialportrait as an identification of the subject.

Implementations may include one or more of the following features. Theat least one processor may be further configured to perform theoperations of: receiving a request to renew the digitally watermarkeddigital facial portrait; and issuing a renewed digitally watermarkeddigital facial portrait after verifying the renewal request, the atleast one digital watermark also comprising the payload data identifyingthe subject. The operations may further include updating the payloaddata before issuing the renewed digitally watermarked digital facialportrait.

The operations may additionally include receiving a request forreplacing the digitally watermarked digital facial portrait and anupdated digital facial portrait of the subject; in response todetermining that the request is genuine, applying the at least onedigital watermark to the updated digital facial portrait to encode thepersonally identifiable information; and issuing the replacementdigitally watermarked digital facial portrait, the at least one digitalwatermark also comprising payload data identifying the subject. Theoperations may also include updating the payload data before issuing thereplacement digitally watermarked digital facial portrait.

Generating the digitally watermarked digital facial portrait may includeissuing the digitally watermarked digital facial portrait to a mobilecomputing device registered under the subject's name. The operations mayfurther include: securing the digitally watermarked digital facialportrait to prevent an alteration thereof. Securing may includegenerating at least one of: a digital certificate of at least a portionof the digitally watermarked digital facial portrait, an encryption ofat least a portion of the digitally watermarked digital facial portraitusing a private key of an issuing entity, a hash of at least a portionof the digitally watermarked digital facial portrait, a digest of atleast a portion of the digitally watermarked digital facial portrait, ora checksum of at least a portion of the digitally watermarked digitalfacial portrait.

The operations may further include: suspending or revoking the digitallywatermarked digital facial portrait in response to a validated requestfor suspension or revocation. Suspending or revoking the digitalidentification document may include one of: removing the digitallywatermarked digital facial portrait from a mobile computing device ofthe subject; or issuing a suspended or revoked digitally watermarkeddigital facial portrait to over-write the previously issued digitallywatermarked digital facial portrait on the mobile computing device ofthe subject.

In still another aspect, some implementations provide a mobile devicethat includes at least one processor configured to perform operationsincluding: receiving a digitally watermarked digital facial portrait ofthe person, the digital facial portrait having at least one digitalwatermark carrying payload data that identifies the person portrayed inthe digital facial portrait; and authenticating the person in thedigital facial portrait based on the digitally watermarked digitalfacial portrait.

Implementations may include one or more of the following features.Authenticating the person comprises: providing information encoding thedigitally watermarked digital facial portrait. The operations mayfurther include: presenting the digitally watermarked digital facialportrait to a reader device to retrieve the payload data from the atleast one digital watermark.

Receiving a digitally watermarked digital facial portrait of the personcomprises receiving the digital facial portrait having more than onedigital watermarks, each carrying respective payload data, and whereinauthenticating the person comprises validating the more than one digitalwatermarks by cross-correlating the respective payload data.

In yet still another aspect, some implementations provide a mobilecomputing device for authenticating a person, the mobile computingdevice including at least one processor configured to perform operationsincluding: receiving a digitally watermarked digital facial portrait ofthe person, the digital facial portrait having at least one digitalwatermark carrying payload data that identifies the person portrayed inthe digital facial portrait; authenticating the person in the digitalfacial portrait based on the payload data carried in the at least onedigital watermark

Implementations may include one or more of the following features.Receiving a digitally watermarked digital facial portrait of the personmay include scanning the digitally watermarked digital facial portrait.Receiving a digitally watermarked digital facial portrait of the personmay include receiving a digitally watermarked digital facial portraitfrom another mobile computing device. Receiving a digitally watermarkeddigital facial portrait of the person may include receiving the digitalfacial portrait having more than one digital watermarks, each carryingrespective payload data, and authenticating the person may includevalidating the more than one digital watermarks by cross-correlating therespective payload data.

In yet still another aspect, some implementations may provide a mobilecomputing device for authenticating a person, the mobile computingdevice including at least one processor configured to perform operationsincluding: receiving a digitally watermarked digital facial portrait ofthe person, the digital facial portrait having at least one digitalwatermark carrying payload data that identifies the person portrayed inthe digital facial portrait; and authenticating the person in thedigital facial portrait based on the payload data carried in the atleast one digital watermark.

Implementations may include one or more of the following features.Receiving a digitally watermarked digital facial portrait of the personmay include scanning the digitally watermarked digital facial portrait.Receiving a digitally watermarked digital facial portrait of the personmay include receiving a digitally watermarked digital facial portraitfrom another mobile computing device. Receiving a digitally watermarkeddigital facial portrait of the person may include receiving the digitalfacial portrait having more than one digital watermarks, each carryingrespective payload data, and authenticating the person may includevalidating the more than one digital watermarks by cross-correlating therespective payload data.

In yet another aspect, some implementations may provide acomputer-readable medium comprising software instructions that whenexecuted by one or more processors, cause the one or more processors toperform the operations of: A computer-readable medium, comprisinginformation encoding a digitally watermarked digital facial portrait ofa subject, the digitally watermarked digital facial portrait generatedby: receiving a digital facial portrait of a subject; applying at leastone digital watermark to the digital facial portrait, the at least onedigital watermark comprising payload data identifying the subject; andissuing the digitally watermarked digital facial portrait as anidentification of the subject.

Implementations of the above techniques include a method, computerprogram product and a system. The computer program product is suitablyembodied in a non-transitory machine-readable medium and includesinstructions executable by one or more processors. The instructions areconfigured to cause the one or more processors to perform the abovedescribed actions.

The system includes one or more processors and instructions embedded ina non-transitory machine-readable medium that are executable by the oneor more processors. The instructions, when executed, are configured tocause the one or more processors to perform the above described actions.The default position is not to use any external databases, but thesystem could be configured to perform a database check if needed.

The details of one or more aspects of the subject matter described inthis specification are set forth in the accompanying drawings and thedescription below. Other features, aspects, and advantages of thesubject matter will become apparent from the description, the drawings,and the claims.

DESCRIPTION OF DRAWINGS

FIG. 1 illustrates an example identification document according to someimplementations.

FIG. 2A is a flow chart showing an example method of combining luminanceand chrominance modulations to digitally watermark an identificationdocument according to some implementations.

FIG. 2B is a flow chart showing an example of a method for determiningcorrelatable portions of personally identifiable information forluminance and chrominance modulations according to some implementations.

FIG. 2C shows an example identification document digitally watermarkedaccording to some implementations.

FIG. 3A is a flow chart showing an example method of authenticating anidentification document based on the luminance and chrominancemodulations of digital watermarks according to some implementations.

FIG. 3B is a flow chart showing an example method of correlatingportions of personally identifiable information according to someimplementations.

FIG. 3C is a flow chart showing an example method of validatingportion(s) of personally identifiable information encoded by a digitalwatermark according to some implementations.

FIG. 4A is a flow chart showing an example method of combining abiometric and a digital watermark on a digital identification documentaccording to some implementations.

FIG. 4B is a flow chart showing an example process of renewing a digitalidentification document according to some implementations.

FIG. 4C is a flow chart showing an example process of replacing adigital identification document according to some implementations.

FIG. 4D is a flow chart showing an example method of securing thedigital identification document according to some implementations.

FIG. 4E shows an example digital identification document displayed on amobile device according to some implementations.

FIG. 5A is a flow chart showing an example method of validating thedigital identification document according to some implementations.

FIG. 5B is a flow chart showing an example process of validating thedigital identification document according to some implementations.

FIG. 5C is a flow chart showing an example method of validating thedigital identification document according to some implementations.

FIG. 6A is a flow chart showing an example method of digitallywatermarking a digital facial portrait as a machine-readable codeaccording to some implementations.

FIG. 6B is a flow chart showing an example process of renewing adigitally watermarked digital facial portrait according to someimplementations.

FIG. 6C is a flow chart showing an example process of replacing adigitally watermarked digital facial portrait according to someimplementations.

FIG. 6D is a flow chart showing an example method of securing adigitally watermarked digital facial portrait according to someimplementations.

FIG. 6E shows an example digitally watermarked digital facial portraitdisplayed on a mobile device according to some implementations.

FIG. 7A is a flow chart showing an example method of validating thedigitally watermarked digital facial portrait according to someimplementations.

FIG. 7B is a flow chart showing an example process of authenticating thedigital watermarked digital facial portrait.

FIG. 8 is a diagram showing an example reading device for validating anidentification document according to some implementations.

Like reference symbols in the various drawings indicate like elements.

DETAILED DESCRIPTION

Digital facial portrait of a person can be digitally watermarked toprovide identification of the person and authentication of the digitalfacial portrait. The digital facial portrait may be compared to thepresenter to verify that the presenter is the same person as portrayedin the digital facial portrait. The digital watermark may be embedded inthe digital facial portrait in a variety of ways to encode payload datalinked to the person portrayed in the digital facial portrait. Thedigital watermark may be covert and imperceptible to naked eyes. Thepayload data may be retrieved to verify that the digital facial portraitis authentic and has not been tampered with electronically. Theverification may be implemented in a variety of ways, including the useof security check information or the use of a system of record stored ata remote server. Thus, digitally watermarked digital facial portrait, asdisclosed herein, may be serve as a machine-readable code to provideconvenient and secure identification of a person.

FIG. 1 illustrates an example identification document 100 according tosome implementations. Identification document 100 may be agovernment-issued identification document, such as, for example, adriver's license issued by the department of motor vehicles (DMV) of astate, a passport issued by the state department, a social security cardissued by the social security administration (SSA), a medicare cardissued by the department of health and human services (DHS), a Medicaidcard issued by the DHHS, etc. The identification document may be issuedby a government entity, for example, the DMV at the state level, or thestate department at the federal level. The identification document mayalso be issued by non-government entities, such as a contracting entityof a government agency. Identification document 100 may also be otheridentification documents, such as, for example, a student identificationcard issued by a school, a membership card issued by an organization, anemployee identification card issued by an employer, etc.

Portrait 102 may include a facial portrait of the holder of theidentification document. The facial portrait may identify the personholding the identification document. The facial portrait may be 2×2 inand showing the front face of the holder. In some implementations,portrait 102 may include a facial biometric of the document holder. Insome implementations, portrait 102 may manifest as other forms ofbiometrics, such as, for example, a finger-print, a palm-print, a retinascan, a iris scan, a pupil scan, etc.

Personally identifiable information 104 may include name (including fullname, first name, last name, middle/initials), residential address,gender, nationality, occupation, marital status, eye color, hair color,blood type etc. Personally identifiable information 104 may also includenumerical terms such as date of birth, height, weight, election zone,document number, issue date, etc. Portions of personally identifiableinformation may be printed on the identification document.

Identification document 100 may be verified by reader 106. Reader 106may represent a human inspector, for example, a cashier at a liquorstore, a security guard at a building, etc. In some implementations, thehuman inspector may be assisted by a reader device. The identificationdocument may be analyzed by reader 106 to verify that (i) theidentification document is authentic and has not been forged or altered;(ii) the person presenting the identification document is the personidentified by the identification document.

To prove the source of an identification document, digital watermark maybe embedded into an identification document. Additionally, digitalwatermark may carry personally identifiable information about theholder. Thus, the digital watermark can be used on an identificationdocument to authenticate the identification document and carryinformation about the identity of the holder

Digital watermark may be secure, covert and machine-readable. Digitalwatermark may be generally imperceptible to naked eyes. In fact, thedigital watermark may generally appear as noise, for example, added to abackground noise. However, altering a digital watermark may be virtuallyimpossible, and the mere lack of presence of a digital watermark canimmediately indicate tampering and likely counterfeiting. Hence, digitalwatermarks used in an identification document may provide strong andeffective deterrence to counterfeit.

To validate an identification document, steganography may analyze thedigital watermark to identify the source and reveal the informationidentifying the holder. In some implementations, data contents encodedby the digital watermarks may be encrypted so that the encoded datacontents may remain secure, as an additional security mechanism. Suchencrypted data contents may be decrypted first. In some implementations,the digital watermark may be initially analyzed to extract frequencydomain information. The frequency domain information may includespectrum information manifested by, for example, the digital cosinetransforms (DCT) coefficients in a particular spatial frequency range.In contrast to spatial domain information, such frequency domaininformation may be robust to cropping or translation of the originaldocument. Hence, the frequency domain information may be moretamper-proof and more resilient to artifacts during field use. Likewise,mixed-domain information, i.e., information from both spatial domain andfrequency domain may provide similar degree of robustness againsttampering and artifacts. However, the implementations disclosed hereinare not limited to the use of frequency domain information alone or theuse of mixed-domain information. Spatial domain information may be usedaccording to the same scheme as disclosed herein.

FIG. 2A is a flow chart showing an example method of combining luminanceand chrominance modulations to digitally watermark an identificationdocument according to some implementations. A spatial luminance patternassociated with a first digital watermark may be modulated to encode afirst portion of personally identifiable information (202). The spatialluminance pattern may refer to an intensity map of brightness. Theluminance may be gamma corrected, and referred to as luma. Gammacorrection generally tailors the presentation of brightness in anon-linear fashion, for example, according to a power-law. Thenon-linear correction may enhance visual perception of the encodedcolor. The modulation may manifest as, for example, a spatial Moire'spattern. Moire's patterns may include line patterns, complex shapes, oreven symbols. The patterns, shapes, and symbols may be linked to theissuer, such as the DMV, the state department, an employer, etc. Themodulation may reveal the information encoded, such as a number or analphabatic letter. The encoded information may also be embedded in thegranny noise of the intensity pattern and may be undetectable to thenaked eyes. Moreover, the encoded information may be encrypted toprovide additional security.

On the same identification document, a spatial chrominance distributionassociated with a second digital watermark may be modulated (204). Thechrominance pattern may refer to a color map. Color maps may be indexedin a multi-dimensional color space. For example, an RGB space may bebased on the primary colors of red, green, and blue. An example colorspace may also be based on the three primary colors of cyan, magenta,and yellow. In some implementations, the chrominance pattern may alsouse a color map indexed by two components, for example, based on the Uand V components of the YUV model, or based on the Cb and Cr componentsof the YCbCr model, or based on the Pb and Pr components of the YPbPrmodel. The encoded information may manifest as color smear patternsshowing numbers, alphabetical letters, or symbols. The encodedinformation may appear as color aberration noise unperceivable to nakedeyes. Similar to the first digital watermark with modulated spatialluminance pattern, the second modulated spatial chrominance distributionmay carry encrypted information.

In some implementations, the first digital watermark with the modulatedspatial luminance pattern and the second digital watermark with themodulated spatial chrominance distribution may be applied to the sameidentification document (206). The two digital watermarks may be appliedto different sides of the identification document, for example, thefront and back of a driver license, front and back of any given page ofa passport, etc. The two digital watermarks may be applied to differentregions on the same side of the identification document. The two regionswhere each digital watermark has been applied may share a common region.The two digital watermarks may also be applied to the same region on thesame side of the identification document. The two digital watermarks maybe applied to different grating structures underneath the same page ofthe identification document such that only one digital watermark isdetectable from a given viewing angle or a particular viewing direction.In other words, detection of the given digital watermark may beviewing-angle dependent or viewing-direction dependent.

The first digital watermark with luminance modulations and the seconddigital watermark with chrominance modulations may encode a common pieceof information based on which the two digital watermarks may mutuallyauthenticate each other. The process may be known as across-correlation. To cross-correlate the information encoded by the twodigital watermarks, a correlatable portion of information may bedetermined for the correlation purpose. The determination may take placewhen the digital watermarks are being applied to the identificationdocument. The digital watermarks on an identification document mayencode information identifying the issuing entity, such as, for example,the DMV, the state department, the employer. The digital watermarks onan identification document may encode personally identifiableinformation about the holder of the identification document. Asdiscussed above, personally identifiable information may include name(including full name, first name, last name, middle/initials), date ofbirth, height, weight, residential address, gender, nationality,occupation, marital status, eye color, hair color, blood type electionzone, document number, issue date, etc.

FIG. 2B is a flow chart showing an example of a method for determiningcorrelatable portions of personally identifiable information forluminance and chrominance modulations according to some implementations.Determining a first portion of personally identifiable information (212)may take place during the stage of modulating the luminance pattern ofthe first digital watermark (202). The first portion of personallyidentifiable information may include any portion of personallyidentifiable information as discussed above. Likewise, determining asecond portion of personally identifiable information (214) may takeplace during the stage of modulating the chrominance distribution of thesecond digital watermark (204) and the second portion of personallyidentifiable information may also include any portion of the personallyidentifiable information as discussed above. Nonetheless, the firstportion of personally identifiable information may include first datathat is correlatable with second data from the second portion ofpersonally identifiable information. The first data may be identical incontents to the second data. Correlating the first data with the seconddata may be a comparison of the first data and the second data. Thecomparison may be a string comparison. The comparison may also be anumerical subtraction. The first data and the second data, oncecombined, may reveal a piece of personally identifiable information ofthe holder. For example, the first data may include the odd digits ofthe birth date while the second data may include the even digits of thebirth date. For example, the first data may be the beginning five digitsof the holder's social security number while the second data may be theending four digits of the holder's social security number. Correlatingthe first data with the second data may be a string combination orconcatenation. In some implementations, the correlatable data may beinformation other than the personally identifiable information of theholder. For example, the correlatable data may be the issuingauthority's emblem symbol, acronym of the employer, etc. As discussedabove, the first portion and the second portion may be encrypted.

The digital watermark with luminance modulation and the digitalwatermark with chrominance modulation may be applied to the sameidentification document. The two distinct digital watermarkingmechanisms may be applied either a physical identification document or adigital identification document. FIG. 2C shows a physical identificationdocument 220 and a digital identification document 222 displayed on amobile device.

To valid the identification document, the two digital watermarks may beanalyzed and the information encoded by each digital watermark may becompared against each other. FIG. 3A is a flow chart showing an examplemethod of authenticating an identification document based on theluminance and chrominance modulations of digital watermarks according tosome implementations. An identification document may be received (301).The identification document may be digitally watermarked as discussedabove. For example, the identification document may include a firstdigital watermark with a modulated spatial luminance pattern and asecond digital watermark with a modulated spatial chrominancedistribution. The first digital watermark may be retrieved by a scanningdevice (302). The scanning device may be configured to read themachine-readable luminance pattern encoding the first portion ofpersonally identifiable information. As a result, the first portion ofpersonally identifiable information 306 may be extracted from thespatial luminance pattern associated with the first digital watermark(304). Likewise, the scanner may retrieve the second digital watermarkfrom the identification document (312). As discussed above, the seconddigital watermark may include a spatial chrominance distribution toencode a second portion of personally identifiable information. Thescanner device may be configured to extract the second portion ofpersonally identifiable information 316 from the spatial chrominancedistribution of the second digital watermark (314). When reading out thefirst portion of personally identifiable information 306 and the secondportion of personally identifiable information 316, the scanning devicemay be configured to extract the encoded information simultaneously. Theencoded information may be encrypted, for example, by the private key ofthe issuing authority. In some implementations, the scanning device maybe configured to decrypt the encoded information, for example, by usinga public key of the issuing authority. The identification document maybe validated based on the first portion of personally identifiableinformation as well as the second portion of personally identifiableinformation (310).

FIG. 3B is a flow chart showing an example method of correlatingportions of personally identifiable information according to someimplementations. In validating the identification document (310), thefirst portion of personally identifiable information may be correlatedwith the second portion of personally identifiable information (322).The first and second portions of personally identifiable information mayinclude a common piece of information, for example, the holder's birthdate. Correlating the first and second portions may include comparing apiece of information meant to be identical in contents and encoded bytwo independent mechanisms. As discussed above, correlating may alsoinclude combining or concatenating pieces of information from the firstand second portions. The correlation may yield a matching resultindicating a confirmation the identification document is authentic(324).

The match may not be perfect. In some implementations, for example, thefrequency domain information encoded by the two digital watermarks maybe incomplete due to losses in the scanning process. In someimplementations, the degree of match may depend on the context of theapplication. For example, for applications involving mobile transactionswith a financial sum of under $500, a lower degree of match level may besufficient. While for applications involving accessing high securityfacilities such as nuclear plant to military installation, a higherdegree of match may be adopted. In some implementations, the matchingprocess may depend on jurisdiction. For example, in some states whichadopted a less sophisticated digital watermark, a more primitive matchprocedure may be performed. Even in states that have adopted a moresophisticated digital watermark, a legacy digital identificationdocument may still use the old and less sophisticated digitalwatermarking. The legacy identification document may still be honored bya more primitive matching procedure. In some implementations,ascertaining whether there is a substantial match may further factor inusage history of the holder of the identification document. For example,if the person requesting access at the building has frequently gainedaccess to the building in the past, then the degree of match may belessened to simplify the process. In a similar vein, a trusted visitordatabase can be set up to track such visitors and potentially speed upthe validation process.

If substantial match has been found between the encoded data from thefirst and second portions of identification document, then theauthenticity of the identification document may be confirmed (324).Conversely, if substantial match has not been found between the encodeddata from the first and second portions of identification document, thenthe authenticity of the identification document may not be confirmed. Insome implementations, the holder of the identification document may bealerted if the authenticity of the identification document cannot beestablished. The alert may sent through email, automatic voicemail,short message service (SMS) message, etc., to a registered account ofthe holder of the identification document.

FIG. 3C is a flow chart showing an example method of validatingportion(s) of personally identifiable information encoded by a digitalwatermark according to some implementations. In some implementations,the scanner device may transmit the decoded first portion of personallyidentifiable information or the second portion of personallyidentifiable information to a server for validation (332). Thetransmitted personally identifiable information may include informationnot printed on the identification document or information encrypted bythe issuing authority of the identification document. The server may bemaintained by the issuing authority or a proxy of the issuing authority.If the personally identifiable information received at the server hasbeen encrypted by the issuing authority, the server may first decryptthe received information. The encryption may utilize a public key of theissuing authority and may be decrypted by the corresponding private keyof the issuing authority. The encrypted information may also include anintegrity check. Example integrity checks may include a check sum, ahash, a cyclic redundancy check (CRC) code, etc.

The server may compare the received personally identifiable informationwith a record stored in the database. In comparing the receivedpersonally identifiable information against the database, the server mayimplement different levels of matching depending on the context of theapplication, as discussed above. If an adequate match has beenidentified, the server may notify the scanning device of the match. If,however, no adequate match can be identified, the server may alert thescanning device of the lack of match. Therefore, the scanning device mayreceive validation results from the server (334), according to someimplementations.

In some implementations, the digital watermark(s) may be combined with adigital biometric to provide a digital identification document forsecure authentication. FIG. 4A is a flow chart showing an example methodof combining a biometric and a digital watermark on a digitalidentification document according to some implementations. A digitalbiometric of a subject may be received (402). The digital biometric maybe a digital representation of a biometric. The digital representationmay be in the form of a binary file stored in a storage device, such as,for example, hard disk drive, non-volatile memory, dynamic random accessmemory, etc. The biometric may include a facial portrait, afinger-print, a palm-print, a iris pattern, a retina pattern, etc. of asubject. The digital biometric may the biometric encoded in any digitalencoding scheme suitable for storage on a computing device having atleast one processor. The encoding scheme may account for the underlyingprocessor architecture, for example, big endian or little endian.

Characteristics may be extracted from the digital biometric (404). Forexample, a facial recognition software may extract facialcharacteristics from a digital facial portrait of the subject. In someimplementations, an analytical algorithm may extract characteristicsfrom a finger-print, for example, by decomposing the finger-printpattern into principal components (also known as singular valuedecomposition). In some implementations, an analytic algorithm mayextract characteristics from a finger-print based on coefficients fromedge preserving transformations such as wavelet transforms, Houghtransforms, etc. Similar analytical algorithms may be applied to extractcharacteristics from a palm-print, an iris pattern, a retina pattern, apupil pattern, etc.

The extracted characteristics may serve as a compressed representationof the digital biometric. The extracted characteristics may then bestored at a searchable database (406). Using the extractedcharacteristics, rather than the full digital biometric may reducestorage space requirement or enhance search speed. In someimplementations, the extracted characteristics may be stored at acentral server managed by the entity issuing the identificationdocument. In some implementations, a copy of the extractedcharacteristics may be stored on a mobile device of the subject, i.e.,the person from whom the digital biometric was taken.

Next, a digital watermark may be applied to the digital biometric of thesubject (408). In some implementations, the digital watermark may beapplied to an area other than the digital biometric on the digitalidentification document. The digital watermark may be applied to encodeany number, letter, or symbology in accordance with the descriptionherein. In some implementations, digital watermarks including bothluminance and chrominance modulations may be applied, as describedabove. In some implementations, the encoded information may beencrypted, as disclosed above. In some implementations, the digitalwatermarks may encode personally identifiable information of thesubject. As discussed herein, the personally identifiable informationmay include name (including full name, first name, last name,middle/initials), date of birth, height, weight, residential address,gender, nationality, occupation, marital status, eye color, hair color,blood type election zone, document number, issue date, etc. In someimplementations, the digital watermarks may encode informationindicating the source or the issuing entity of the digitalidentification document.

Thereafter, a digital identification document may be issued (410). Thedigital identification document may include both the digital biometricand the digital watermark. In some implementations, the digitalidentification document may include a digitally watermarked digitalbiometric. The digital identification document may be issued to a mobiledevice of the subject. Example mobile devices may include smart phones,such as, for example, an iPhone, a Samsung smart phone, a HTC smartphone, an Android smart phone, a Windows smart phone, etc. In addition,mobile device may include a tablet device, for example, an iPad, aSamsung Note device, a Microsoft touch device, etc. Further, mobiledevice may also include a laptop device, or even a desktop computer athome. The digital identification document may be issued in the form of adigital file stored on the mobile device.

A digital identification document can lead to increased ease in documentrenewal or replacement. FIG. 4B is a flow chart showing an exampleprocess of renewing a digital identification document according to someimplementations. A request to renew the digital identification documentmay be received (412). The request may be received on-line by a serverat the issuing entity. The server may verify the renewal request (414).For example, the server may check the source of the renewal request toconfirm the validity of the request. The source may refer to theoriginating device, for example, the subject's mobile device. The sourcedevice may be verified based on a secured identifier associated with themobile device. The source may also refer to the requestor who submittedthe renewal request. The requestor may submit the request through anon-line account and therefore may be verified according to the userauthentication protocol for accessing the on-line account. In submittingthe renewal request, the subject may update some personally identifiableinformation, such as, for example, marital status, occupation,residential address, etc. The subject may also submit a more recentbiometric, such as, for example, a more recent facial portrait. Afterreceiving the updated personally identifiable information, the servermay update payload data associated with the digital watermarkaccordingly (416). As discussed above, the payload data may encode aportion of the personally identifiable information of the subject.Thereafter, the server may issue a renewed identification document(418). The renewed identification document may be issued to thesubject's mobile device for display in the same manner as describedabove. The renewed identification document may be issued with a newexpiration date later than the old expiration date on the replacedidentification document. In some implementations, the renewed digitalidentification document may incorporate updated information other thanpersonally identifiable information. Examples may include donor consentinformation. In issuing the renewed digital identification document,neither a physical trip to the issuing entity nor a physical copy may berequired.

Similar ease may be observed in the replacement process (for example,when the subject lost the digital identification document due to storagefailure). FIG. 4C is a flow chart showing an example process ofreplacing a digital identification document according to someimplementations. A request to replace the digital identificationdocument may be received (422). The request may be received on-line by aserver at the issuing entity. The server may verify the replacementrequest (424) by means similar to the descriptions above. Thereplacement request may update the personally identifiable informationof the subject which may cause the server to update the payload dataassociated with the digital watermark to be applied (426). Thereafter,the replacement digital identification document may be issued (428) inaccordance with the descriptions herein. In some implementations, theidentification document may be issued with a version number todistinguish from the replaced identification document. The versionnumber may be tracked by the server in future administrations. In someimplementations, the renewed digital identification document mayincorporate updated information other than personally identifiableinformation. Examples may include donor consent information. Similar tothe disposition of a renewal request, neither a physical trip to theissuing entity nor a physical copy may be required.

Likewise, revocation or suspension of a digital identification documentmay be accomplished without a physical trip to the issuing entity or thedestruction of a physical document. In some implementations, arevocation request may be submitted on-line to a server at the issuingentity. After verifying the revocation request, the server may revokethe digital identification document by removing the digitalidentification document from the storage medium on the mobile device ofthe document holder. In some implementations, the server may issue arevoked digital identification document to over-write the originaldigital identification document. In so doing, the server may keep aversion number of the digital identification document issued. Theversion number may be checked when the holder attempts to validate thedigital identification document on the holder's mobile device.

FIG. 4D is a flow chart showing an example method of securing thedigital identification document according to some implementations. Inaddition to encryption, the integrity of the digital identificationdocument may be secured (432), for example, by security checkinformation embedded into the digital identification document. Theembedded security check information may be encrypted as described above.In particular, the integrity check information may be embedded into thedigital identification document based on which alterations of thedigital identification document can be detected. For example, securitycheck information may be generated based on the contents of the digitalidentification document (434). Such security check information mayinclude but may not be limited to a check sum, a hash, a cyclicredundancy check (CRC) code, etc. The security check information may bestored for comparison. In some implementations, the security checkinformation may be stored on a server at the issuing entity. In someimplementations, the security check information may be stored on themobile device. The stored copy may be compared against at the time ofservice.

FIG. 4E shows a digital identification document 440 according to someimplementations. Digital identification document 440 may be displayedon, for example, the touch screen of a smartphone. The size of thedisplayed digital identification document may be mimic the size of aphysical identification document. For example, a driver's license may beof the dimension of ID-1. ISO/IEC 7810 standard for ID-1 is nominally85.60 by 53.98 millimeters (3.370 in×2.125 in), which is about the sizeof a credit card. The display may be implemented by a custom applicationcapable of handling the file format of the digital identificationdocument. The custom application may prevent screen capture programsfrom saving the screen display to generate a screen copy of the digitalidentification document. In some implementations, the digitalidentification document may only be viewable from the custom applicationon the subject's mobile device. For example, the digital identificationdocument may be encrypted by a public key of the mobile device of thesubject. The corresponding private key may be tied to the mobile deviceand accessible only from the mobile device. As a result, only thesubject's mobile device may be capable of displaying the digitalidentification document to a human inspector. The digital identificationdocument may be encrypted using the issuing entity's private key and thecustom software may be configured to decrypt only with the issuer'spublic key.

FIG. 5A is a flow chart showing an example method of validating thedigital identification document according to some implementations. Thevalidation may be performed at a point of service. A point of servicemay refer to a point of sale, when the holder of the identificationdocument attempts to buy or sell a merchandize. A point of server maygenerally refer to a point of transaction, when the holder of theidentification document attempts to access an account, obtain entry intoa facility, or any type of transaction for which a proof of identity maybe required. At a point of service, when the holder of the digitalidentification document presents the digital identification document toprove his/her identity, the holder may present the touch screen of amobile device to a human inspector. The human inspector may compare thedisplayed portrait against the presenter. If the displayed portrait doesnot match the presenter, the human inspector may reject any identityclaim made by the presenter. In some implementations, if the humaninspector determines that the displayed portrait matches the presenter,the human inspector may defer further processing to a reading device. Insome implementations, the entire inspection may be performed by areading device. The reading device may be any computing device with aprocessor and a transceiver as a data communications interface. To beginwith, data encoding the digital identification document may be receivedby a reading device (501). The reading device may receive the digitalidentification document by scanning the touch screen of a mobile device.The reading device may receive the digital identification document via acommunication link so that data encoding the digital identificationdocument may be transmitted to the reading device, while a humaninspector may inspect the digital identification document. Thetransmission of the data encoding the digital identification documentmay be wireless. In other words, the digital identification document maybe beamed to the reading device.

Once the reading device receives the digital identification document,both the digital biometric (502) and the digital watermark (512) may bereceived at the reading device. The reading device may retrieve a firstportion of personally identifiable information associated with thedigital biometric (504). In some implementations, characteristics may beextracted from the digital biometric. As described above, thesecharacteristics may include, for example, principal component valuesfrom a singular value decomposition, wavelet coefficients from a wavelettransform, etc. In some implementations, the extracted characteristicsmay be generated by facial recognition software on the reading device.In some implementations, the extracted characteristics may be comparedagainst a searchable database at the point of service. In someimplementations, the extracted characteristics may be transmitted to acentral server. Referring to FIG. 5B, data encoding the extractedcharacteristics may be transmitted to a searchable database on thecentral server for comparison (520). If the search yields a match, thenthe corresponding personally identifiable information of the holder ofthe digital identification document may be retrieved. As discussedabove, when issuing the digital identification document, a portion ofthe personally identifiable information associated with holder of thedigital identification document may be stored on a searchable databaseof the issuing entity. The portion of the personally identifiableinformation stored at the server may be referred to as the first portionof the personally identifiable information. The server at the issuingentity may transmit the first portion of personally identifiableinformation back to the reading device. Thus, the first portion ofpersonally identifiable information may be received at the point ofservice (522). As discussed above, the characteristics of the digitalbiometric may be a compact representation of the digital biometric andthe overhead of storage or communication to the server may be reduced.

Returning to FIG. 5A, a second portion of personally identifiableinformation 516 associated with the second digital watermark may beextracted (514). The extraction may be performed by the reading deviceon the digital identification document. Thereafter, the validity of thedigital identification document may be confirmed based on the firstportion of personally identifiable information 506 with the secondportion of personally identifiable information 516 (510). Referring toFIG. 5B, the reading device may correlate the first portion ofpersonally identifiable information 506 with the second portion ofpersonally identifiable information 516 (524). In some implementations,the first and second portions of personally identifiable information mayinclude a common piece of information, for example, the holder's birthdate. Correlating the first and second portions may include comparing apiece of information meant to be identical in contents albeit encoded bytwo independent mechanisms. In addition, the two portions of personallyidentifiable information may be stored and retrieved separately. Theinherent redundancy may further enhance confidence in validitydetermination. In some implementations, correlating may also includecombining or concatenating pieces of information from the first andsecond portions. The correlation may yield a matching result confirmingthat the digital identification document is authentic (526). Asdiscussed above, the match may not be perfect and may depend on thequality of the scanned image of the digital identification document, thecontext of the application, the sophistication of digital watermarkingat a particular jurisdiction, or prior dealings of the holder of thedigital identification document.

FIG. 5C is a flow chart showing an example method of validating thedigital identification document according to some implementations. Insome implementations, once the digital biometric is received at thereading device, the characteristics of the digital biometric may beextracted (530) and then transmitted to a server at the issuing entity(532). Likewise, once the digital watermark has been received at thereading device, the encoded personally identifiable information may beextracted by the reading device (534). In accordance with thediscussions above, the extracted personally identifiable information maybe referred to as the second portion of personally identifiableinformation. The reading device may transmit the second portion of thepersonally identifiable information to the server (536). The server maybe then validate the digital identification document. For example, theserver may retrieve the first portion of personally identifiableinformation by searching the extracted characteristics against recordsin the searchable database. As discussed above, a matching record mayreveal the first portion of the personally identifiable information. Theserver may then correlate the two portions of personally identifiableinformation to validate the digital identification document. The readingdevice may receive the validation results (538) and then notify thehuman inspector at the point of service. The notification may include avisual display of a textual message, an iconic message on a graphicdisplay, a voice message, etc.

To prove identity at a point of service, a digitally watermarkedportrait may be used a personalized QR code in some implementations.FIG. 6A is a flow chart showing an example method of digitallywatermarking a digital facial portrait as a machine-readable codeaccording to some implementations. A digital facial portrait of asubject may be received at a server of an issuing entity (602). Thedigital facial portrait may be digitally stored on a storage device onthe server. The facial portrait may be taken from the subject at anylocations and may not be limited to studios or DMV offices. The digitalfacial portrait may have a virtual backdrop that replaces the actualbackdrop. The digital facial portrait may comply with existing standardson biometrics, such as, for example, the International Civil AviationOrganization (ICAO) standard. The digital facial portrait may alsocomply with other standards under development.

Thereafter, at least one digital watermark may be applied to the digitalfacial portrait of the subject (408). The applied digital watermark mayidentify payload data associated with the subject. In someimplementations, a digital watermark may be applied to carry payloaddata encoding a portion of personally identifiable information of thesubject. For example, the digital watermark may include modulatedMoire's pattern to carry the payload data. In some implementations, thedigital watermark may be linked to personally identifiable information.For example, the digital watermark may include symbology marksidentifying the subject being portrayed. In some implementations,digital watermarks including both luminance and chrominance modulationsmay be applied, as described above. In some implementations, the encodedinformation may be encrypted, as disclosed above. As discussed herein,the personally identifiable information may include name (including fullname, first name, last name, middle/initials), date of birth, height,weight, residential address, gender, nationality, occupation, maritalstatus, eye color, hair color, blood type election zone, documentnumber, issue date, etc. In some implementations, the digital watermarksmay encode information indicating the source or the issuing entity ofthe digital identification document.

Subsequently, the digitally watermarked digital facial portrait may beissued as a machine-readable code (606). In some implementations, thedigitally watermarked digital facial portrait may be issued to a mobiledevice of the subject, for example, in the form of a digital file storedon the mobile device, as discussed above.

The digitally watermarked digital facial portrait may lead to increasedease in document management. FIG. 6B is a flow chart showing an exampleprocess of renewing a digitally watermarked digital facial portraitaccording to some implementations. A request to renew the digitallywatermarked digital facial portrait may be received (612). The renewalrequest may be received at the server of the issuing entity. The renewalrequest may be verified (614). For example, the server may check thesource of the renewal request to confirm the validity of the request.The source may refer to the originating device, for example, thesubject's mobile device. The source device may be verified based on asecured identifier associated with the mobile device. The source mayalso refer to the requestor who submitted the renewal request. Therequestor may submit the request through an on-line account andtherefore may be verified according to the user authentication protocolfor accessing the on-line account. In submitting the renewal request,the subject may update some personally identifiable information, suchas, for example, marital status, occupation, residential address, etc.The subject may also submit a more recent facial portrait. Afterreceiving the updated personally identifiable information, the servermay update payload data associated with the digital watermarkaccordingly (616). As discussed above, the payload data may encode aportion of the personally identifiable information of the subject.Thereafter, the server may issue a renewed digitally watermarked digitalfacial portrait (618). The renewed digitally watermarked digital facialportrait may be issued to the subject's mobile device for display in thesame manner as described above. The renewed digitally watermarkeddigital facial portrait may be issued with a new expiration date laterthan the old expiration date of the replaced digitally watermarkeddigital facial portrait. In issuing the renewed digitally watermarkeddigital facial portrait, neither a physical trip to the issuing entitynor a physical copy may be required.

Similar ease may be observed in the replacement process of the digitallywatermarked digital facial portrait. FIG. 6C is a flow chart showing anexample process of replacing a digitally watermarked digital facialportrait according to some implementations. A request to replace thedigitally watermarked digital facial portrait may be received (622). Therequest may be received on-line by a server at the issuing entity. Theserver may verify the replacement request (424) by means similar to thedescriptions above. The replacement request may update the personallyidentifiable information of the subject which may cause the server toupdate the payload data associated with the digital watermark to beapplied (626). Thereafter, the replacement digitally watermarked digitalfacial portrait may be issued (428) in accordance with the descriptionsherein. In some implementations, the digitally watermarked digitalfacial portrait may be issued with a version number to distinguish fromthe replaced digitally watermarked digital facial portrait. The versionnumber may be tracked by the server in future administrations. Similarto the disposition of a renewal request, neither a physical trip to theissuing entity nor a physical copy may be required.

FIG. 6D is a flow chart showing an example method of securing adigitally watermarked digital facial portrait according to someimplementations. In addition to encryption, the integrity of thedigitally watermarked digital facial portrait may be secured (632), forexample, based on security check information embedded into the digitallywatermarked digital facial portrait. In particular, the integrity checkinformation may be embedded into the digitally watermarked digitalfacial portrait based on which alterations of the digitally watermarkeddigital facial portrait can be detected. For example, security checkinformation may be generated based on the contents of the digitallywatermarked digital facial portrait (434). Such security checkinformation may include but may not be limited to a check sum, a hash, acyclic redundancy check (CRC) code, etc. The generated security checkinformation may be stored for comparison. In some implementations, thesecurity check information may be stored on a server at the issuingentity. In some implementations, the security check information may bestored on the mobile device. The stored copy may be compared against atthe time of service.

The digitally watermarked digital facial portrait may be displayed on,for example, a touch screen of the mobile device. FIG. 6E shows anexample digitally watermarked digital facial portrait 640 displayed onthe touch screen of a mobile device. The display may be managed by acustom application program on the mobile device with any of the securityfeatures described herein.

FIG. 7A is a flow chart showing an example method of validating thedigitally watermarked digital facial portrait according to someimplementations. As discussed above, the validation may be performed ata point of service. At a point of service, when the person presents thedigitally watermarked digital facial portrait to prove his/her identity,the person may present the touch screen of a mobile device to a humaninspector. The human inspector may compare the displayed portraitagainst the presenter. If the displayed portrait does not match thepresenter, the human inspector may reject any identity claim made by thepresenter. In some implementations, if the human inspector determinesthat the displayed portrait matches the presenter, the human inspectormay defer further processing to a reading device.

In some implementations, the entire inspection may be performed by areading device. The reading device may be any computing device with aprocessor and a transceiver as a data communications interface. Thedigitally watermarked digital facial portrait may be received at areading device (702). For example, the reading device may receive thedigitally watermarked digital facial portrait by scanning the touchscreen of a mobile device. The reading device may receive the digitallywatermarked digital facial portrait via a communication link so thatdata encoding the digitally watermarked digital facial portrait may betransmitted to the reading device. The transmission of the data encodingthe digital identification document may be wireless. In other words, thedigital identification document may be beamed to the reading device.Thus, the reading device may obtain data encoding the digitallywatermarked digital facial portrait (704). In some implementations, thereading device may be configured to take a photo portrait of thepresenter and then automatically compare the photo portrait with thedigital facial portrait using facial recognition. The reading device maythen receive results of comparison between the digital facial portraitand the presenter (706). The results may indicate whether the digitalfacial portrait matches the presenter (708). If the digital facialportrait does not match the presenter, the reading device may provideinstructions to the human inspector to reject all identity claims by thepresenter (710). If the digital facial portrait matches the presenter,the reading device may then confirm the presenter as the holder of thedigitally watermarked digital facial portrait (712).

The reading device may then retrieve payload data from the digitalwatermark (714) in accordance with descriptions herein. The readingdevice may then receive results of verifying the contents of the payloaddata (716). As discussed above, the verification may include correlatingtwo portions of personally identifiable information encoded byrespective digital watermarks. The respective digital watermarks mayincorporate separate modulation mechanism including luminance andchrominance. In some implementations, the verification may includecorrelating the personally identifiable information extracted from thedigital watermark with records at a searchable database on a server.

Referring to FIG. 7B, in some implementations, the reading device mayretrieve security check information from payload data of the digitalwatermark (730). As discussed above, the security check information maybe generated at the time of issuance. For example, the security checkinformation may capture a summary information of the digital facialportrait or personally identifiable information of the holder. Thesecurity check information may be a checksum, a hash, or any redundancychecking code. The retrieved security check information may be comparedagainst the same summary information obtained from the digital facialportrait. In some implementations, the security check information may betransmitted to the server at the issuing entity for comparison (732).The server may compare the security check information with the summaryinformation obtainable from the records at the server. As the discussedabove, the correlation may not be a perfect correlation. Instead, thequality of the correlation may depend on the context of the application,sophistication of the issuing authority, and prior dealings of theholder. Thereafter, the reading device may receive results of theverification from the server (734).

Returning to FIG. 7A, the results of correlation may indicate whetherthe contents of the payload data are verified. If the contents of thepayload data are not verified, the reading device may prompt the humaninspector to reject all identity claims by the presenter (720). If thecontents of the payload data are verified, the reader device mayindicate to the human inspector that the authenticity of the digitallywatermarked digital facial portrait has been confirmed (722).

FIG. 8 is a diagram showing an example reading device 800 for validatingan identification document according to some implementations. Readingdevice may be configured to read any of the identification document ordigital facial portrait watermarked in accordance with the descriptionherein. Reading device 800 may include data interface 802 to read indata. For example, data interface 802 may include a scanning device toscan an identification document presented, a digital identificationdocument displayed on the touch screen of a mobile device, a digitalfacial portrait displayed on the touch screen of a mobile device. Insome implementations, data interface 802 may read data from a physicalidentification document, for example, a magnetic stripe, a chip, etc. onthe identification document. In some implementations, data interface 802may establish a wireless link with a mobile device of the presenter of adigital identification document or digital facial portrait. Datainterface 802 may then receive data encoding the digital identificationdocument or the digital facial portrait through the wireless link. Thewireless link may utilize any region on the electromagnetic spectrum,including the infrared band.

Reading device may include processor 804 configured to validate theidentification document or the digital facial portrait in accordancewith the descriptions above. For example, processor 804 may beconfigured to implement facial recognition algorithms to extractcharacteristics from the portrait on the identification document.Processor 804 may be configured to implement feature recognitionalgorithms to extract characteristics from other biometrics such asfinger-prints, iris patterns etc. In some implementations, processor 804may be configured to retrieve personally identifiable information fromthe payload data associated with the digital watermarks. As discussedabove, processor 804 may be configured to validate an identificationdocument based on portions of personally identifiable informationidentified by respective digital watermarks using separate mechanisms.

Reading device 800 may include communication interface 806 configured totransmit data to a server at the issuing entity. The data may includethe extracted characteristics or the retrieved personally identificationdocument. As discussed above, the server may compare the extractedcharacteristics to records at a searchable database. The server maycompare the retrieved personally identifiable information againstrecords at the searchable database. Communication interface 806 may alsobe configured to receive verification results from the server.Communication interface may be built on wired or wireless technologiesto manage communication with the server.

Reading device 800 may additionally include feedback device 808.Feedback device 808 may be configured to provide instructions to a humaninspector. For example, feedback device 808 may include a graphicalinterface to display textual messages or iconic indications to the humaninspector. In some implementations, feedback device 808 may additionallyinclude sound devices to alert the human inspector of the verificationresults, for example, through a text to speech technology.

Implementations of the subject matter and the functional operationsdescribed in this specification can be implemented in digital electroniccircuitry, in tangibly-implemented computer software or firmware, incomputer hardware, including the structures disclosed in thisspecification and their structural equivalents, or in combinations ofone or more of them. Implementations of the subject matter described inthis specification can be implemented as one or more computer programs,i.e., one or more modules of computer program instructions encoded on atangible non transitory program carrier for execution by, or to controlthe operation of, data processing apparatus. The computer storage mediumcan be a machine-readable storage device, a machine-readable storagesubstrate, a random or serial access memory device, or a combination ofone or more of them.

The term “data processing apparatus” refers to data processing hardwareand encompasses all kinds of apparatus, devices, and machines forprocessing data, including, by way of example, a programmable processor,a computer, or multiple processors or computers. The apparatus can alsobe or further include special purpose logic circuitry, e.g., a centralprocessing unit (CPU), a FPGA (field programmable gate array), or anASIC (application specific integrated circuit). In some implementations,the data processing apparatus and/or special purpose logic circuitry maybe hardware-based and/or software-based. The apparatus can optionallyinclude code that creates an execution environment for computerprograms, e.g., code that constitutes processor firmware, a protocolstack, a database management system, an operating system, or acombination of one or more of them. The present disclosure contemplatesthe use of data processing apparatuses with or without conventionaloperating systems, for example Linux, UNIX, Windows, Mac OS, Android,iOS or any other suitable conventional operating system.

A computer program, which may also be referred to or described as aprogram, software, a software application, a module, a software module,a script, or code, can be written in any form of programming language,including compiled or interpreted languages, or declarative orprocedural languages, and it can be deployed in any form, including as astand-alone program or as a module, component, subroutine, or other unitsuitable for use in a computing environment. A computer program may, butneed not, correspond to a file in a file system. A program can be storedin a portion of a file that holds other programs or data, e.g., one ormore scripts stored in a markup language document, in a single filededicated to the program in question, or in multiple coordinated files,e.g., files that store one or more modules, sub programs, or portions ofcode. A computer program can be deployed to be executed on one computeror on multiple computers that are located at one site or distributedacross multiple sites and interconnected by a communication network.While portions of the programs illustrated in the various figures areshown as individual modules that implement the various features andfunctionality through various objects, methods, or other processes, theprograms may instead include a number of sub-modules, third partyservices, components, libraries, and such, as appropriate. Conversely,the features and functionality of various components can be combinedinto single components as appropriate.

The processes and logic flows described in this specification can beperformed by one or more programmable computers executing one or morecomputer programs to perform functions by operating on input data andgenerating output. The processes and logic flows can also be performedby, and apparatus can also be implemented as, special purpose logiccircuitry, e.g., a central processing unit (CPU), a FPGA (fieldprogrammable gate array), or an ASIC (application specific integratedcircuit).

Computers suitable for the execution of a computer program include, byway of example, can be based on general or special purposemicroprocessors or both, or any other kind of central processing unit.Generally, a central processing unit will receive instructions and datafrom a read only memory or a random access memory or both. The essentialelements of a computer are a central processing unit for performing orexecuting instructions and one or more memory devices for storinginstructions and data. Generally, a computer will also include, or beoperatively coupled to receive data from or transfer data to, or both,one or more mass storage devices for storing data, e.g., magnetic,magneto optical disks, or optical disks. However, a computer need nothave such devices. Moreover, a computer can be embedded in anotherdevice, e.g., a mobile telephone, a personal digital assistant (PDA), amobile audio or video player, a game console, a Global PositioningSystem (GPS) receiver, or a portable storage device, e.g., a universalserial bus (USB) flash drive, to name just a few.

Computer readable media (transitory or non-transitory, as appropriate)suitable for storing computer program instructions and data include allforms of non volatile memory, media and memory devices, including by wayof example semiconductor memory devices, e.g., EPROM, EEPROM, and flashmemory devices; magnetic disks, e.g., internal hard disks or removabledisks; magneto optical disks; and CD ROM and DVD-ROM disks. The memorymay store various objects or data, including caches, classes,frameworks, applications, backup data, jobs, web pages, web pagetemplates, database tables, repositories storing business and/or dynamicinformation, and any other appropriate information including anyparameters, variables, algorithms, instructions, rules, constraints, orreferences thereto. Additionally, the memory may include any otherappropriate data, such as logs, policies, security or access data,reporting files, as well as others. The processor and the memory can besupplemented by, or incorporated in, special purpose logic circuitry.

To provide for interaction with a user, implementations of the subjectmatter described in this specification can be implemented on a computerhaving a display device, e.g., a CRT (cathode ray tube), LCD (liquidcrystal display), or plasma monitor, for displaying information to theuser and a keyboard and a pointing device, e.g., a mouse or a trackball,by which the user can provide input to the computer. Other kinds ofdevices can be used to provide for interaction with a user as well; forexample, feedback provided to the user can be any form of sensoryfeedback, e.g., visual feedback, auditory feedback, or tactile feedback;and input from the user can be received in any form, including acoustic,speech, or tactile input. In addition, a computer can interact with auser by sending documents to and receiving documents from a device thatis used by the user; for example, by sending web pages to a web browseron a user's client device in response to requests received from the webbrowser.

The term “graphical user interface,” or GUI, may be used in the singularor the plural to describe one or more graphical user interfaces and eachof the displays of a particular graphical user interface. Therefore, aGUI may represent any graphical user interface, including but notlimited to, a web browser, a touch screen, or a command line interface(CLI) that processes information and efficiently presents theinformation results to the user. In general, a GUI may include aplurality of user interface (UI) elements, some or all associated with aweb browser, such as interactive fields, pull-down lists, and buttonsoperable by the business suite user. These and other UI elements may berelated to or represent the functions of the web browser.

Implementations of the subject matter described in this specificationcan be implemented in a computing system that includes a back endcomponent, e.g., as a data server, or that includes a middlewarecomponent, e.g., an application server, or that includes a front endcomponent, e.g., a client computer having a graphical user interface ora Web browser through which a user can interact with an implementationof the subject matter described in this specification, or anycombination of one or more such back end, middleware, or front endcomponents. The components of the system can be interconnected by anyform or medium of digital data communication, e.g., a communicationnetwork. Examples of communication networks include a local area network(LAN), a wide area network (WAN), e.g., the Internet, and a wirelesslocal area network (WLAN).

The computing system can include clients and servers. A client andserver are generally remote from each other and typically interactthrough a communication network. The relationship of client and serverarises by virtue of computer programs running on the respectivecomputers and having a client-server relationship to each other.

While this specification contains many specific implementation details,these should not be construed as limitations on the scope of anyinvention or on the scope of what may be claimed, but rather asdescriptions of features that may be specific to particularimplementations of particular inventions. Certain features that aredescribed in this specification in the context of separateimplementations can also be implemented in combination in a singleimplementation. Conversely, various features that are described in thecontext of a single implementation can also be implemented in multipleimplementations separately or in any suitable sub-combination. Moreover,although features may be described above as acting in certaincombinations and even initially claimed as such, one or more featuresfrom a claimed combination can in some cases be excised from thecombination, and the claimed combination may be directed to asub-combination or variation of a sub-combinations.

Similarly, while operations are depicted in the drawings in a particularorder, this should not be understood as requiring that such operationsbe performed in the particular order shown or in sequential order, orthat all illustrated operations be performed, to achieve desirableresults. In certain circumstances, multitasking and parallel processingmay be helpful. Moreover, the separation of various system modules andcomponents in the implementations described above should not beunderstood as requiring such separation in all implementations, and itshould be understood that the described program components and systemscan generally be integrated together in a single software product orpackaged into multiple software products.

Particular implementations of the subject matter have been described.Other implementations, alterations, and permutations of the describedimplementations are within the scope of the following claims as will beapparent to those skilled in the art. For example, the actions recitedin the claims can be performed in a different order and still achievedesirable results.

Accordingly, the above description of example implementations does notdefine or constrain this disclosure. Other changes, substitutions, andalterations are also possible without departing from the spirit andscope of this disclosure.

What is claimed is:
 1. A computer-implemented method for generating adigitally watermarked digital facial portrait, the method comprising:receiving a digital facial portrait of a subject; applying at least onedigital watermark to the digital facial portrait, the at least onedigital watermark encoding non-biometric personally identifiableinformation or palm-print information that identifies the subject whoseface is portrayed in the digital facial portrait; generating a digitallywatermarked digital facial portrait as a machine-readable code in whichthe at least one digital watermark is embedded into the digital facialportrait such that when the digitally watermarked digital facialportrait is presented on a mobile computing device of the subject, thesubject presenting the digitally watermarked digital facial portrait isauthenticatable by having the digitally watermarked digital facialportrait scanned such that (i) the non-biometric personally identifiableinformation or the palm-print information is retrieved from thedigitally watermarked digital facial portrait; and (ii) the digitallywatermarked digital facial portrait is authenticated based on thenon-biometric personally identifiable information or a palm-printinformation, and suspending or revoking the digitally watermarkeddigital facial portrait by removing the digitally watermarked digitalfacial portrait from a mobile computing device of the subject.
 2. Themethod of claim 1, further comprising: receiving a request to renew thedigitally watermarked digital facial portrait; and generating a reneweddigitally watermarked digital facial portrait after verifying therequest, the at least one digital watermark encoding the non-biometricpersonally identifiable information or the palm-print information thatidentifies the subject.
 3. The method of claim 2, further comprising:modifying the non-biometric personally identifiable information or thepalm-print information to reflect information updated by the requestbefore generating the renewed digital watermarked digital facialportrait.
 4. The method of claim 1, further comprising: receiving arequest for replacing the digitally watermarked digital facial portraitwith an updated digital facial portrait of the subject; in response todetermining that the request is genuine, applying the at least onedigital watermark to the updated digital facial portrait to encode thenon-biometric personally identifiable information or the palm-printinformation that identifies the subject to provide a replacementdigitally watermarked digital facial portrait; and generating thereplacement digitally watermarked digital facial portrait.
 5. The methodof claim 4, further comprising: modifying the non-biometric personallyidentifiable information or the palm-print information to reflectinformation updated by the request before generating the replacementdigitally watermarked digital facial portrait.
 6. The method of claim 1,wherein generating the digitally watermarked digital facial portraitcomprises issuing the digitally watermarked digital facial portrait to amobile computing device registered under the subject's name.
 7. Themethod of claim 1, further comprising: securing the digitallywatermarked digital facial portrait to prevent an alteration thereof. 8.The method of claim 7, wherein securing the digitally watermarkeddigital facial portrait comprises generating a quantitative index basedon the digital facial portrait.
 9. The method of claim 8, whereingenerating the quantitative index comprises generating a digitalcertificate of at least a portion of the digital facial portrait. 10.The method of claim 8, wherein generating the quantitative indexcomprises generating an encryption of at least a portion of the digitalfacial portrait using a private key of an issuing entity.
 11. The methodof claim 8, wherein generating the quantitative index comprisesgenerating a hash of at least a portion of the digitally watermarkeddigital facial portrait, or a digest of at least a portion of thedigital facial portrait.
 12. The method of claim 8, wherein generatingthe quantitative index comprises generating a checksum of at least aportion of digital facial portrait.
 13. The method of claim 8, whereingenerating the quantitative index comprises generating a version controlnumber to indicate a current version number.
 14. The method of claim 1,wherein suspending or revoking the digitally watermarked digital facialportrait is performed in response to a validated request for suspensionor revocation.
 15. A system for generating a digitally watermarkeddigital facial portrait, the system comprising: at least one processor;and a data store coupled to the at least one processor havinginstructions stored thereon which, when executed by the at least oneprocessor, causes the at least one processor to perform operationscomprising: receiving a digital facial portrait of a subject; applyingat least one digital watermark to the digital facial portrait, the atleast one digital watermark encoding non-biometric personallyidentifiable information or palm-print information that identifies thesubject whose face is portrayed in the digital facial portrait;generating a digitally watermarked digital facial portrait as amachine-readable code in which the at least one digital watermark isembedded into the digital facial portrait such that when the digitallywatermarked digital facial portrait is presented on a mobile computingdevice of the subject, the subject presenting the digitally watermarkeddigital facial portrait is authenticatable by having the digitallywatermarked digital facial portrait scanned such that (i) thenon-biometric personally identifiable information or the palm-printinformation is retrieved from the digitally watermarked digital facialportrait; and (ii) the digitally watermarked digital facial portrait isauthenticated based on the non-biometric personally identifiableinformation or a palm-print information, and suspending or revoking thedigitally watermarked digital facial portrait by removing the digitallywatermarked digital facial portrait from a mobile computing device ofthe subject.
 16. The system of claim 15, wherein the operations furthercomprise: receiving a request to renew Presented the digitallywatermarked digital facial portrait; and generating a renewed digitallywatermarked digital facial portrait after verifying the request, the atleast one digital watermark encoding the non-biometric personallyidentifiable information or the palm-print information identifying thesubject.
 17. The system of claim 16, wherein the operations furthercomprise: modifying the non-biometric personally identifiableinformation or the palm-print information to reflect information updatedby the request before generating the renewed digitally watermarkeddigital facial portrait.
 18. A non-transitory computer-readable medium,comprising information encoding a digitally watermarked digital facialportrait of a subject, the digitally watermarked digital facial portraitgenerated by: receiving a digital facial portrait of a subject; applyingat least one digital watermark to the digital facial portrait, the atleast one digital watermark encoding non-biometric personallyidentifiable information or palm-print information that identifies thesubject whose face is portrayed in the digital facial portrait;generating a digitally watermarked digital facial portrait as amachine-readable code in which the at least one digital watermark isembedded into the digital facial portrait such that when the digitallywatermarked digital facial portrait is presented on a mobile computingdevice of the subject, the subject presenting the digitally watermarkeddigital facial portrait is authenticatable by having the digitallywatermarked digital facial portrait scanned such that (i) thenon-biometric personally identifiable information or the palm-printinformation is retrieved from the digitally watermarked digital facialportrait; and (ii) the digitally watermarked digital facial portrait isauthenticated based on the non-biometric personally identifiableinformation or a palm-print information, and suspending or revoking thedigitally watermarked digital facial portrait by removing the digitallywatermarked digital facial portrait from a mobile computing device ofthe subject.
 19. The system of claim 15, wherein-suspending or revokingthe digitally watermarked digital facial portrait is performed inresponse to a validated request for suspension or revocation.
 20. Themedium of claim 18, wherein-suspending or revoking the digitallywatermarked digital facial portrait is performed in response to avalidated request for suspension or revocation.